November 10, 2000

Christmas has come early in the world of Internet viruses. Navidad is a worm from South America that infects users of Microsoft Outlook. The attachment is an .exe file that installs an eyeball icon in the lower right hand corner of the Windows desktop. Navidad does not contain a dangerous payload, however it does make several changes to the Windows Registry file. Navidad currently ranks as 4 on the ZDNet virus meter.

How It Works Navidad is an e-mail worm that arrives in the Outlook Inbox as a reply to a message previously sent. The attached file is NAVIDAD.EXE, and clicking on this attachment will load the worm. While loading, an error dialog box will appear on the screen. Navidad contains a bug in its own programming, and when that part of the program loads, the letters "UI" display in a dialog box. To remove the dialog box, Windows users typically click "OK," however, in doing so, the Navidad worm continues to load.

Navidad reads all the e-mail addresses listed in Outlook as well as any MAPI clients installed, copying and sending itself out via e-mail as replies. Navidad also makes several changes to the Windows Registry, therefore, removing this worm should be done with great care. Please read the detailed removal instructions available from McAfee or Trend Micro.

All CommuniLink.Net mail servers have been capable of detecting this virus since early November. Our web hosting and email users are protected by our real-time virus scan servers. When a virus is found in any incoming and outgoing email message. Our Email Scanner will intercepted it and stopped that entire message reaching it's destination. The sender and recipient will also receive the notification of the detail virus report.

News Contact